-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:112 http://www.mandriva.com/security/ _______________________________________________________________________ Package : gd Date : June 27, 2006 Affected: 10.2, 2006.0 _______________________________________________________________________ Problem Description: The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. gd-2.0.15 in Corporate 3.0 is not affected by this issue. Packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2906 _______________________________________________________________________ Updated Packages: Mandriva Linux 10.2: a8b7178a2e3aabd8f26f0575cc8775ae 10.2/RPMS/gd-utils-2.0.33-3.1.102mdk.i586.rpm e3ef1e900f6de8cdaea4d6fd5a516476 10.2/RPMS/libgd2-2.0.33-3.1.102mdk.i586.rpm cfe793a05357a871c3bce58ac19431a3 10.2/RPMS/libgd2-devel-2.0.33-3.1.102mdk.i586.rpm 21e65240b1c3afc878861e86e993df88 10.2/RPMS/libgd2-static-devel-2.0.33-3.1.102mdk.i586.rpm ad156d018149831cf4c0fec70bb9ba67 10.2/SRPMS/gd-2.0.33-3.1.102mdk.src.rpm Mandriva Linux 10.2/X86_64: 37d535359d49339434c107a48b11a8ea x86_64/10.2/RPMS/gd-utils-2.0.33-3.1.102mdk.x86_64.rpm ff1287dd3c92ba8933162e5caf54d123 x86_64/10.2/RPMS/lib64gd2-2.0.33-3.1.102mdk.x86_64.rpm 4f8eaad304f1ed2e0be07f969d8cae72 x86_64/10.2/RPMS/lib64gd2-devel-2.0.33-3.1.102mdk.x86_64.rpm df8f7bc54de7ab615128871448c8fcd4 x86_64/10.2/RPMS/lib64gd2-static-devel-2.0.33-3.1.102mdk.x86_64.rpm ad156d018149831cf4c0fec70bb9ba67 x86_64/10.2/SRPMS/gd-2.0.33-3.1.102mdk.src.rpm Mandriva Linux 2006.0: 464c206bd702817804b25b0602c9682d 2006.0/RPMS/gd-utils-2.0.33-3.1.20060mdk.i586.rpm a1f0caedbb819ae5aaf0259d657ab137 2006.0/RPMS/libgd2-2.0.33-3.1.20060mdk.i586.rpm 2157623bebe2e780d519ab33f6846b4a 2006.0/RPMS/libgd2-devel-2.0.33-3.1.20060mdk.i586.rpm 38190793bfa2aec8feaaeec235c83020 2006.0/RPMS/libgd2-static-devel-2.0.33-3.1.20060mdk.i586.rpm b95de17443646c61d83adba4378a5d71 2006.0/SRPMS/gd-2.0.33-3.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 4036c957b65111965a17c0e792b53739 x86_64/2006.0/RPMS/gd-utils-2.0.33-3.1.20060mdk.x86_64.rpm 30b39956ee262b92a88e6148d8691735 x86_64/2006.0/RPMS/lib64gd2-2.0.33-3.1.20060mdk.x86_64.rpm 1d28e426cecac98c3248d3c61727e842 x86_64/2006.0/RPMS/lib64gd2-devel-2.0.33-3.1.20060mdk.x86_64.rpm 9ef94ef9bb6b02afb3b67617eb3e36c9 x86_64/2006.0/RPMS/lib64gd2-static-devel-2.0.33-3.1.20060mdk.x86_64.rpm b95de17443646c61d83adba4378a5d71 x86_64/2006.0/SRPMS/gd-2.0.33-3.1.20060mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEoaz2mqjQ0CJFipgRAqjAAJoCtlhpb95ZmP0unk5MP92uOEekhQCdHlGH kZbOHCAUixee4sfAOoBU7M8= =hfg5 -----END PGP SIGNATURE-----